diff options
Diffstat (limited to 'test/openssl/test_ssl.rb')
-rw-r--r-- | test/openssl/test_ssl.rb | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index bae3dcfc2f..aa61e385d5 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -284,6 +284,20 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase } end + def test_post_connect_check_with_anon_ciphers + sslerr = OpenSSL::SSL::SSLError + + start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, {use_anon_cipher: true}){|server, port| + ctx = OpenSSL::SSL::SSLContext.new + ctx.ciphers = "aNULL" + server_connect(port, ctx) { |ssl| + msg = "Peer verification enabled, but no certificate received. Anonymous cipher suite " \ + "ADH-AES256-GCM-SHA384 was negotiated. Anonymous suites must be disabled to use peer verification." + assert_raise_with_message(sslerr,msg){ssl.post_connection_check("localhost.localdomain")} + } + } + end + def test_post_connection_check sslerr = OpenSSL::SSL::SSLError |